From 8ed41c35a314580bb794fa0fff2e01b0bf7efcf7 Mon Sep 17 00:00:00 2001 From: Ed Tanous Date: Sun, 9 May 2021 23:51:31 -0500 Subject: Cache user role in session object MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There is an async call within the router that leads to a small, but pervasive performance issue for all queries. Removing that call from the router has the potential to increase the performance of every authenticated query, and significantly reduce our dbus traffic for "simple" operations. This commit re-implements the role cache in session object that existed previously many years ago. Each users role is fetched during authentication and persisted in session object. Each successive request can then be matched against the privilege which is there in the in-memory session object. This was discussed on below commit https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/39756 Tested by: ``` POST /redfish/v1/SessionService/Sessions {"UserName":"root", "Password": “0penBmc”} ``` Followed by redfish queries Get /redfish/v1/AccountService Tested user role persistency Redfish service validator passes. Signed-off-by: Ravi Teja Signed-off-by: Ed Tanous Change-Id: I575599c29358e32849446ce6ee7f62c8eb3885f6 --- src/webserver_main.cpp | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'src') diff --git a/src/webserver_main.cpp b/src/webserver_main.cpp index 67e2aaef04..34fe18f07d 100644 --- a/src/webserver_main.cpp +++ b/src/webserver_main.cpp @@ -18,6 +18,7 @@ #include "security_headers.hpp" #include "ssl_key_handler.hpp" #include "user_monitor.hpp" +#include "user_role_map.hpp" #include "vm_websocket.hpp" #include "webassets.hpp" @@ -143,6 +144,9 @@ static int run() crow::hostname_monitor::registerHostnameSignal(); #endif + // Init the user role map + crow::UserRoleMap::getInstance(); + bmcweb::registerUserRemovedSignal(); app.run(); -- cgit v1.2.3